#FML 😭 The Qubes installer hangs during boot when IOMMU is enabled, and boots fine with it disabled but then the installer tells me that Qubes won't work right without IOMMU turned on (and understandably so).

Obviously I want it enabled, even if Qubes could work in a degraded state without it.

I feel like I got a raw deal here. I checked the HCL and picked out a motherboard specifically based on what was reported to work, and yet... In the past, I've bought motherboards which weren't on the HCL and they worked out better than this.

So next I get to see if there are any updates for my BIOS and try the Qubes 4.2 installer (I already had 4.1 on hand, so I tried that first). After that it'll be time to hit up the forums, I suppose.

#security #infosec #cybersec #GrowNostr #cybersecurity #qubes #QubesOS

Discussion

As great as the idea of qubes is, as shitty is the implementation unfortunately...

Hard disagree here.

I've seen a lot of vulnerabilities in Xen that did not affect Qubes because of how they implemented their system.

The ability to safely get data from one VM to another in Qubes is sublime.

The support for quickly switching VMs between Tor, a VPN, or other network configurations is easy to use.

There are hardware compatibility limitations, which is inherent when you are using security features that other OSes don't use, but once it's up and running, the implementation is solid.

I mostly referred to the usability with my claim. Updates, which are available all the time, for example, take so much longer than on a normal OS, which makes users tend to ignore them.

Also, crucial stuff like a simple night shift mode is missing, making it hard to use as a daily driver without compromising the security model somehow. No secure boot support, updating Tor browser is weird somehow,...

I think it's a cool OS but a bit unpolished, which makes me doubt the security from time to time. Tails, for example, on the other hand, while having a different target group, is really stable, polished and straightforward to use, which also makes it harder to be misused.

There are frequent updates to the guest OSes (Fedora, Debian) and occasional updates to dom0, but they go faster than Windows or macOS updates. This is even true when Qubes updates go through Tor. They also don't interrupt anything nor force a reboot, which is a stark contrast to Windows and macOS.

I don't use night shift, but it should be an option in dom0 since that is running X11. I'll look for it when I'm back up and running.

No secure boot out of the box is a fair point, but they do have two more secure alternatives (Anti Evil Maid or Heads) which have the advantage of limiting the trust you have to put in the BIOS.

I like Tails too. That's my go-to solution when I need to use someone else's computer. I can just reboot before and after I do something risky, like downloading and running software vs something more sensitive such as encrypted messaging, moving money around, or signing into certain accounts.

I don't tend to do much of those sensitive things while on the go, let alone using someone else's computer, so it's not very many reboots to switch context in practice.

At home it's nice to have different nyms separated, easy backups, and different networking setups for different things (force everything through various VPNs, Tor, a combination of those two, or no networking). Those are the main three things I like about Qubes (beyond the isolation that prevents one vulnerability from meaning "game over", of course).

Had the latest stable BIOS, updated to one labeled "beta" and got the same results.

Found someone else who ran into IOMMU causing the installer to hang and the only suggestion was to use a newer version of the installer (e.g. a nightly build). No indication whether it worked or not.

Next up: the Qubes 4.2 installer

Oh fun! Been in a similar issue yesterday - the weirdest error ever and no trace of where it actually comes from. Amazing stuff...

Good luck dude! I ended up flattening my whole homeserver after yeeting libc into high heavens. xD

Wow, libc. The only times I remember that causing me trouble is when writing exploits, and I can totally understand wanting to yeet it. 🤣

opkg remove --force(blablabla) libc

YEEEEEEEEEEEEEEEEEET xD

I somehow had libc++ and libstdc++ fighting over linkage priority whilst libc (musl) just did NOT want to be nice.

So... yeah. I haven't slept for 24+ hours; my night was a goner. xD

And the Qubes 4.2 installer booted just fine. I guess that forum post was onto something there.

My last ditch attempt to get my previous SSD to boot with the new motherboard has failed.

I thought maybe if I did a fresh install to a fresh SSD, it'd set up the UEFI variables in the BIOS to allow me to swap the old SSD in there and boot up.

No such luck. So now I'm finally going to resort to restoring from a backup and then copying over the files that I manually rescued.